Its because you are not thinking like a criminal. It is hard for a good and decent person to think like a scoundrel, so the fact you can’t see or understand how could there be gaps is good.

If I was going to hack a company, my first task would take me all of 100$ and 30 mins of my time to do it. I would buy in bulk a shit ton of USB sticks. I would find the company logo, print them out on my printer on label and affix the labels to the USB sticks. I would put key loggers among other shit onto the USB stick and then I would go into a company parking lot and just drop 100 of these USB sticks all around. I drop 100, 3-7 employees will plug them into their computers on average. If they got a very good IT and security department, this number drops to 0-2. It is never 0 because you always got that person whose curiosity overshadows all their training to never, ever, ever, ever, plug a USB stick into their computer that IT did not give to them, and now I am in.